Bugtraq mailing list archives
Re: Win98 Screensaver - A Interesting Problem
From: shaman2001 () HOTMAIL COM (Shaman)
Date: Wed, 17 Feb 1999 13:25:38 +1000
Ok, here is the lowdown on screensavers:

Screensavers are just normal win32 progs that are named *.scr in the Windows dir (try clicking on 1). Windows runs them using command lines to perform different things (i.e. screensaver.scr /A to change the passwd). As it is a normal program, it is up to it to disable the special Windows keys (ctrl-alt-del etc.) and stay on top. Unfortunately, most screensavers do not watch to see that they still have focus, and therefore, any program that makes a Windows call to gain focus will receive any keystrokes, despite not being on top/visible.

In conclusion to this... it's the screensaver's fault. All screensavers have this problem. :)

I should be more concerned with the following possibilities:

* the screensaver itself is in charge of calling the passwd auth/changing dialog box (trojan is possible I guess)
* do virus scanners scan *.scr files normally?
* screensavers can bind a socket and allow people in while the screensaver is active and drop connections when it's not... which means people can gain access, knowing you're not watching.
* Windows screensavers are normal processes and therefore can be killed by other programs.

There was a post some time ago about autorun on CDs still working when the screensaver is active.

In short, ordinary screensavers provide virtually no security. Don't rely on them to do so.

That's my .01c

Shaman2001.
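Added example, not part of the original post: a small check that treats *.scr files as what the message says they are, ordinary Win32 executables, by reading the PE headers so they can be inventoried or scanned like any .exe. The file names and the minimal header bytes in `sample_pe()` are constructed for illustration.

```python
import struct, tempfile
from pathlib import Path

IMAGE_FILE_DLL = 0x2000                      # COFF Characteristics flag
SUBSYSTEMS = {2: "windows-gui", 3: "windows-console"}

def pe_info(data: bytes):
    """Return header facts if data is a PE image, else None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of "PE\0\0"
    opt = e_lfanew + 24                                  # signature + COFF header
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(data) < opt + 70:
        return None
    machine, _, _, _, _, _, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {"machine": hex(machine), "dll": bool(chars & IMAGE_FILE_DLL),
            "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem))}

def scan_screensavers(directory):
    """Map each *.scr file name to its PE facts (None if not a PE image)."""
    return {p.name: pe_info(p.read_bytes())
            for p in sorted(Path(directory).iterdir())
            if p.is_file() and p.suffix.lower() == ".scr"}

def sample_pe() -> bytes:
    """Constructed minimal PE32 header block (headers only, not runnable)."""
    buf = bytearray(0x40 + 24 + 70)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    # i386, no sections, optional header size 0xE0, EXECUTABLE_IMAGE | 32BIT
    struct.pack_into("<HHIIIHH", buf, 0x44, 0x14C, 0, 0, 0, 0, 0xE0, 0x0102)
    struct.pack_into("<H", buf, 0x58, 0x10B)        # PE32 magic
    struct.pack_into("<H", buf, 0x58 + 68, 2)       # Subsystem: Windows GUI
    return bytes(buf)

def demo():
    """Scan a temporary directory holding constructed sample files."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "Flying.SCR").write_bytes(sample_pe())
        Path(d, "notes.scr").write_bytes(b"plain text, not a program")
        Path(d, "readme.txt").write_bytes(b"ignored")
        return scan_screensavers(d)

if __name__ == "__main__":
    for name, info in demo().items():
        print(name, "->", info or "not a PE image")
```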